a1107e859b
An immediate return statement on connection errors was mistakenly added to the beginning of nxt_openssl_conn_io_shutdown() in ecd3c5bbf7d8, breaking the TLS connection finalization procedure. As a result, a TLS connection was left unfinalized if it had been closed prematurely or a fatal protocol error had occurred, which caused memory and socket descriptor leakage. Moreover, in some cases (notably, on handshake errors in tests with kqueue on macOS) the read event was triggered later and nxt_h1p_conn_error() was called the second time; after the change in af93c866b4f0, the latter call crashed the router process in an attempt to remove a connection from the idle queue twice.
NGINX Unit ---------- The documentation and binary packages are available online: http://unit.nginx.org The source code is provided under the terms of Apache License 2.0: http://hg.nginx.org/unit Please ask questions, report issues, and send patches to the mailing list: unit@nginx.org (http://mailman.nginx.org/mailman/listinfo/unit) or via Github: https://github.com/nginx/unit -- NGINX, Inc. http://nginx.com